A critical Bluetooth flaw has been discovered that allows attackers to connect to Apple, Android, and Linux devices and inject keystrokes to run arbitrary commands.
Attackers impersonating Disney+ in a highly detailed scheme targeted 44 individuals across 22 organizations using various attack vectors such as email spoofing/phishing, attachment-based tactics, phone-based social engineering, and brand impersonation.
Recent research has identified a significant security risk for over 15,000 Go module repositories hosted on GitHub, which are vulnerable to repojacking attacks that exploit changes in account usernames and deletions to create repositories with the same name, enabling open-source software supply chain attacks.
A previously unknown threat actor called AeroBlade has targeted a US aerospace company in a yearlong cyberespionage campaign, utilizing spear-phishing tactics and a weaponized document containing a remote template injection technique and a malicious VBA macro code.
A recent report by the US Government Accountability Office (GAO) reveals that the majority of federal agencies have not met the federal requirements for event logging, impeding their ability to detect, investigate, and remediate cyber threats.
Microsoft discloses that Russian state-sponsored APT group Forest Blizzard has been actively exploiting vulnerabilities to target government, energy, and transportation organizations in the US, Europe, and the Middle East.
